CN110460475A - Message security processing system and method - Google Patents

Info

Publication number: CN110460475A
Authority: CN (China)
Prior art keywords: message, module, processor, safe handling, hardware security
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910779833.5A
Other languages: Chinese (zh)
Other versions: CN110460475B (en)
Inventor: 唐峰
Current Assignee: Beijing Material Core Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Material Core Technology Co Ltd

Application events:
  • Application filed by Beijing Material Core Technology Co Ltd
  • Priority to CN201910779833.5A
  • Publication of CN110460475A
  • Application granted
  • Publication of CN110460475B
  • Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0803: Configuration setting
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the invention disclose a message security processing system and method. The message security processing system includes a processor, a hardware security coprocessing module, and a network processing module; the processor integrates a software security protocol and control module. The network processing module is connected to at least one network interface; it sends messages received from the network interface to the hardware security coprocessing module for security processing, and sends out through the network interface the messages fed back once the hardware security coprocessing module has finished processing. The hardware security coprocessing module performs security processing on the messages sent by the network processing module and then feeds them back to the network processing module. Through the interaction of the hardware security coprocessing module and the network processing module, the technical solution achieves message security processing without occupying the processor's running memory, so that the processing performance of the message security features is not limited by processor performance.

Description

Message security processing system and method
Technical field
Embodiments of the present invention relate to network communication technology, and in particular to a message security processing system and method.
Background
With the rapid development of computer technology, the business handled on computers has evolved from single-machine file processing, or business processing based on simple internal connections, into enterprise-class computer processing systems based on complex intranets, extranets, and the global Internet, with worldwide information sharing and business processing.
As the connection and circulation capabilities of computer systems have improved, their business processing capacity has increased tremendously. At the same time, security problems arising from network connectivity have become increasingly prominent; once a system is attacked, the enterprise can suffer huge losses.
In conventional network equipment, common security features such as IPSEC, SSL, TLS, DTLS, MACSec, and SRTP are usually implemented in one of the following ways. First, pure CPU software: the CPU runs the security feature software to perform message security processing. Second, a CPU that integrates an instruction set for the specific security feature runs the security feature software to perform message security processing. Third, a CPU plus a security coprocessing module: the CPU sends the message segments that require security processing to the security coprocessing module, which performs the message security processing. All of these implementations occupy part of the CPU's computing resources and interface bandwidth, so the processing performance of the security features is limited by CPU performance.
Summary of the invention
Embodiments of the present invention provide a message security processing system and method that, through the interaction of a hardware security coprocessing module and a network processing module, implement a message security processing procedure in which the processor does not participate.
In a first aspect, an embodiment of the present invention provides a message security processing system comprising a processor, a hardware security coprocessing module, and a network processing module, the processor integrating a software security protocol and control module;
the processor is configured to, when a secure session is established or session state needs to be refreshed, configure the hardware security coprocessing module and the network processing module by running the software security protocol and control module;
the network processing module is configured to, after being configured, send messages received from a network interface to the hardware security coprocessing module for security processing, and to send out through the network interface the messages fed back after the hardware security coprocessing module completes processing;
the hardware security coprocessing module is configured to, after being configured, perform security processing on the messages sent by the network processing module and then feed them back to the network processing module.
In a second aspect, an embodiment of the present invention further provides a message security processing method, comprising:
when a secure session is established or session state needs to be refreshed, running, by a processor, the software security protocol and control module to configure a hardware security coprocessing module and a network processing module;
sending, by the network processing module, the messages received from a network interface that require security processing to the hardware security coprocessing module;
performing, by the hardware security coprocessing module, security processing on the messages that require it, and feeding the security-processed messages back to the network processing module;
sending, by the network processing module, the security-processed messages out through the network interface.
In the technical solution of the embodiments, the message security processing system comprises a processor, a hardware security coprocessing module, and a network processing module. When a secure session is established, the processor runs the software security protocol and control module to configure the hardware security coprocessing module and the network processing module. After the session is established, the interaction of the hardware security coprocessing module and the network processing module implements a message security processing procedure in which the processor does not participate, so that the processing of the security features is not limited by processor performance.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of a message security processing system in Embodiment One of the present invention;
Fig. 2 is a schematic structural diagram of a message security processing system in Embodiment Two of the present invention;
Fig. 3 is a flowchart of a message security processing method in Embodiment Three of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it. Note also that, for ease of description, the drawings show only the parts related to the invention rather than the entire structure.
Embodiment one
Fig. 1 is a schematic structural diagram of a message security processing system in Embodiment One. The technical solution of this embodiment applies where message security processing is performed by a hardware security coprocessing module and a network processing module. The message security processing system includes a processor 1, a hardware security coprocessing module 2, and a network processing module 3; the processor 1 integrates a software security protocol and control module 4.
The processor 1 is connected to the hardware security coprocessing module 2 and to the network processing module 3 through a control management bus 5; the hardware security coprocessing module 2 and the network processing module 3 are connected through a message processing bus 6.
In this embodiment, the processor 1 is connected to the hardware security coprocessing module 2 and the network processing module 3 through the control management bus 5 so that it can manage and configure those two modules. To implement a message security processing procedure in which the processor 1 does not participate, the message processing bus 6 is provided between the hardware security coprocessing module 2 and the network processing module 3 for efficient message transfer between them.
The processor 1 is configured to, when a secure session is established or session state needs to be refreshed, configure the hardware security coprocessing module 2 and the network processing module 3 by running the software security protocol and control module 4.
In this embodiment, message security processing is completed solely through the interaction of the hardware security coprocessing module 2 and the network processing module 3, so the procedure occupies none of the computing resources or interface bandwidth of the processor 1. The processor 1 only needs to configure the relevant information in the hardware security coprocessing module 2 and the network processing module 3 when a secure session is established and when session state needs to be refreshed.
As an example, the processor 1 configures the set features of messages in the network processing module 3, and the network processing module 3 forwards received messages that satisfy the set features to the hardware security coprocessing module 2 for processing. The processor 1 can also configure the message security processing protocol in the hardware security coprocessing module 2, so that the hardware security coprocessing module 2 performs security processing on received messages according to the preconfigured protocol.
The network processing module 3 is connected to at least one network interface and is configured to, after being configured, send messages received from the network interface to the hardware security coprocessing module 2 for security processing, and to send out through the network interface the messages fed back after the hardware security coprocessing module 2 completes processing.
In this embodiment, once the secure session has been established, message security processing and forwarding are carried out solely through information exchange between the preconfigured hardware security coprocessing module 2 and network processing module 3. The network processing module 3 first receives messages from at least one network interface, then uses the preconfigured information to determine which received messages require security processing and sends them directly to the hardware security coprocessing module 2 over the message processing bus 6. Finally, it receives the security-processed messages fed back by the hardware security coprocessing module 2 and sends them out through the corresponding network interface.
The hardware security coprocessing module 2 is configured to, after being configured, perform security processing on the messages sent by the network processing module 3 and then feed them back to the network processing module 3.
In this embodiment, once the secure session has been established, the hardware security coprocessing module 2 receives the messages that the network processing module 3 sends for security processing and processes each according to the type of security processing it requires (for example, message encryption, decryption, or signature verification). During processing it reads the preconfigured message security processing protocol to apply the corresponding type of security processing to the received message, and finally feeds the processed message back to the network processing module 3 over the message processing bus so that the message can be sent.
Optionally, the hardware security coprocessing module 2 is further configured to collect statistics on security processing operations, obtaining statistical information on the security processing operations and secure session state information;
the processor 1 is further configured to extract the statistical information on security processing operations from the hardware security coprocessing module 2, where that statistical information includes the number of messages on which security processing operations were performed in the hardware security coprocessing module 2 and the types of security processing operations performed.
In this optional embodiment, the hardware security coprocessing module 2 collects statistics on message security processing while performing it, for example the total number of messages on which security processing operations were performed and the type of security processing operation performed on each message.
Correspondingly, the processor 1 also reads the security processing operation information collected by the hardware security coprocessing module 2, so that the statistical information on message security processing operations can be stored.
Optionally, the system further includes a memory 7, connected to the processor 1 through the control management bus 5 and used to store the statistical information on security processing operations that the processor 1 extracts from the hardware security coprocessing module 2.
In this optional embodiment, the message security processing system further includes a memory 7, connected to the processor 1 through the control management bus 5. Because the processor 1 does not take part in message processing in this embodiment, the messages received by the network processing module 3 need not be stored in the memory 7; only the statistical information on security processing operations that the processor 1 extracts from the hardware security coprocessing module 2 needs to be stored there.
In the technical solution of this embodiment, the message security processing system comprises a processor, a hardware security coprocessing module, and a network processing module. When a secure session is established, the processor runs the software security protocol and control module to configure the hardware security coprocessing module and the network processing module. After the session is established, the interaction of the hardware security coprocessing module and the network processing module implements a message security processing procedure in which the processor does not participate, so that the processing of the security features is not limited by processor performance.
Embodiment two
Fig. 2 is a schematic structural diagram of a message security processing system provided by Embodiment Two. This embodiment further refines the embodiment above and specifies the concrete functions of the processor 1, the hardware security coprocessing module 2, and the network processing module 3. The message security processing system of Embodiment Two is described below with reference to Fig. 2:
The message security processing system includes a processor 1, a hardware security coprocessing module 2, and a network processing module 3; the processor 1 integrates a software security protocol and control module 4.
The processor 1 is connected to the hardware security coprocessing module 2 and to the network processing module 3 through a control management bus 5; the hardware security coprocessing module 2 and the network processing module 3 are connected through a message processing bus 6.
Optionally, the processor 1 is connected to the hardware security coprocessing module 2 and to the network processing module 3 through an AXI bus.
AXI (Advanced eXtensible Interface) is a high-performance, high-bandwidth, low-latency bus that can meet the demands of very-high-performance, complex system-on-chip designs.
Optionally, the message processing bus 6 connecting the hardware security coprocessing module 2 and the network processing module 3 is a high-bandwidth Inline data bus.
The Inline data bus is a dedicated bus connecting the hardware security coprocessing module 2 and the network processing module 3; it has higher bandwidth and enables efficient message transfer.
In this optional embodiment, the messages that the network processing module 3 receives from the network interface are sent to the hardware security coprocessing module 2 over the Inline data bus, and the security-processed messages are fed back to the network processing module 3 over the same bus. This gives a high-performance interaction between the two modules and a message security processing procedure in which the processor 1 does not participate.
The processor 1 is configured to, when a secure session is established or session state needs to be refreshed, configure the hardware security coprocessing module 2 and the network processing module 3 by running the software security protocol and control module 4.
Optionally, the processor 1 is specifically configured to:
when a secure session is established, run the software security protocol and control module to configure the secure session table 21 and the module control table 22 contained in the hardware security coprocessing module 2, and to configure the exchange forwarding table 31 and the secure session drainage table 32 contained in the network processing module 3.
Optionally, the secure session table 21 includes the security processing protocol, and the module control table 22 includes the control logic for performing security processing on received messages;
the exchange forwarding table 31 and the secure session drainage table 32 include the identification information of received messages.
In the two optional embodiments above, when a secure session is established the processor 1 configures the hardware security coprocessing module 2 and the network processing module 3 over the control management bus 5.
The configuration of the hardware security coprocessing module 2 mainly concerns the control logic for performing security processing on received messages and the protocols used for that processing. As an example, what is mainly configured is the message security processing logic in the module control table 22 and the message security processing protocol in the secure session table 21 of the hardware security coprocessing module 2. Specifically, the module control table 22 contains security processing logic such as: encrypt received messages that satisfy set feature 1, decrypt received messages that satisfy set feature 2, and so on. The secure session table 21 contains the protocol information used for security processing of messages, for example the security association (SA) control information needed for IPSEC processing.
The configuration of the network processing module 3 mainly concerns the identification information of messages that satisfy the set features. As an example, what is mainly configured is the messages satisfying the set features, and the session IDs of those messages, in the exchange forwarding table 31 and the secure session drainage table 32 of the network processing module 3. Specifically, the secure session drainage table 32 contains the set features of messages; for example, the set features include the message five-tuple and Serial Peripheral Interface (SPI) information. The five-tuple of a received message can be used to judge whether that message needs security processing; only when the message satisfies the set features is its session ID determined, and the message and its session ID are then sent to the hardware security coprocessing module 2 for security processing. The exchange forwarding table 31 contains the messages that undergo security processing and their session IDs, and is used to send the security-processed messages out through specific network ports.
Once this configuration is complete, the processor 1 no longer needs to take part in message security processing; the configuration information held by the hardware security coprocessing module 2 and the network processing module 3 is sufficient to perform security processing on received messages.
The hardware security coprocessing module 2 is configured to, after being configured, perform security processing on the messages sent by the network processing module 3 and then feed them back to the network processing module 3.
Optionally, the hardware security coprocessing module 2 is specifically configured to:
determine, according to the control logic contained in the module control table 22, the security processing type corresponding to the received message;
perform on the received message, according to the security processing protocol in the secure session table 21, the security processing corresponding to that security processing type, and send the security-processed message and the message processing accompanying information to the network processing module, the message processing accompanying information including identification information indicating whether the security processing succeeded.
This optional embodiment describes the function of the hardware security coprocessing module 2 more specifically, in terms of the secure session table 21 and the module control table 22 preconfigured by the processor 1. First, the type of security processing that a received message requires is determined from the control logic in the module control table 22. The corresponding type of security processing is then applied to the message according to the security processing protocol in the secure session table 21. Finally, the security-processed message and the identification information indicating whether its security processing succeeded (that is, the message processing accompanying information) are fed back to the network processing module 3.
As an example, the control logic in the module control table 22 determines that received message 1 is to be encrypted and that message 2 needs to be decrypted; the corresponding type of security processing is then applied to each message according to the security processing protocol in the secure session table 21 (for example, the IPSEC protocol).
The network processing module 3 is connected to at least one network interface and is configured to, after being configured, send messages received from the network interface to the hardware security coprocessing module 2 for security processing, and to send out through the network interface the messages fed back after the hardware security coprocessing module 2 completes processing.
Optionally, the network processing module 3 is specifically configured to:
receive messages through the network interface;
obtain, according to the identification information of received messages contained in the secure session drainage table, the messages that require security processing, and send them to the hardware security coprocessing module;
receive the security-processed message and the message processing accompanying information sent by the hardware security coprocessing module;
when the message processing accompanying information indicates that message processing succeeded, send out the security-processed message and the message processing accompanying information through the network interface that matches the message's identification information in the exchange forwarding table.
This optional embodiment describes the function of the network processing module 3 more specifically, in terms of the exchange forwarding table 31 and the secure session drainage table 32 preconfigured by the processor 1. First, messages are received from at least one network interface. The messages that require security processing are then determined from the set features of messages in the secure session drainage table 32 and sent to the hardware security coprocessing module 2. Finally, the security-processed message and the message processing accompanying information fed back by the hardware security coprocessing module 2 are received, and the accompanying information is used to judge whether the security processing of the message succeeded; if so, the security-processed message and its message processing accompanying information are sent to the corresponding network interface according to the exchange forwarding table 31.
As an example, the secure session drainage table 32 contains the set features of messages (including the message five-tuple and SPI information). Received messages are screened against those set features to obtain the messages that match them (the messages that require security processing) and their session IDs, which are sent to the hardware security coprocessing module 2 for security processing. After the feedback is received, the security-processed message and its message processing accompanying information are sent to the corresponding network interface according to the exchange forwarding table 31.
In the technical solution of this embodiment, the message security processing system comprises a processor, a hardware security coprocessing module, and a network processing module. When a secure session is established, the processor runs the software security protocol and control module to configure the hardware security coprocessing module and the network processing module. After the session is established, the secure session drainage table in the network processing module is used to send the messages that require security processing to the hardware security coprocessing module; the secure session table and module control table in the hardware security coprocessing module are used to perform security processing on the received messages; and finally the exchange forwarding table in the network processing module is used to send the security-processed messages and their message processing accompanying information to the corresponding network interface. The processor does not participate in any part of the message security processing procedure, so the processing of the security features is not limited by processor performance.
Embodiment three
Fig. 3 is the flow chart of one of the embodiment of the present invention three message security processing, the technical side of the present embodiment Case is suitable for the case where carrying out message safe handling by hardware security Co-processor Module and network process module, and this method can be with It is executed by message safe processing system, specifically includes the following steps:
Step 110, by processor establish secured session or need to conversate state refresh when, runs software peace Full agreement and control module, configure hardware security Co-processor Module and network process module.
Here, configuring the hardware security co-processing module and the network processing module includes configuring the secure session table and the module control table in the hardware security co-processing module, and configuring the switching forwarding table and the secure session drainage table in the network processing module.
In this embodiment, when a secure session is established, the processor must first run the software security protocol and control module to configure the relevant information in the hardware security co-processing module and the network processing module, so that once the secure session has been established, the security processing of messages is completed by the hardware security co-processing module and the network processing module alone.
Step 120: the network processing module sends the messages received from the network interface that need security processing to the hardware security co-processing module.
In this embodiment, the network processing module receives messages from the network interface and screens them against the secure session drainage table; messages that match the configured features are sent to the hardware security co-processing module for security processing.
For example, the received messages are screened according to the configured features contained in the preconfigured secure session drainage table to obtain the messages that need security processing; for instance, messages whose source port is 10000 are selected and sent to the hardware security co-processing module for security processing.
Step 130: the hardware security co-processing module performs security processing on the messages that need security processing, and feeds the security-processed messages back to the network processing module.
In this embodiment, the hardware security co-processing module determines, according to the control logic in the module control table, the security processing type corresponding to the received message; it then performs the security processing corresponding to that type on the received message according to the security processing protocol in the secure session table, obtains the security-processed message and the message processing accompanying information, and feeds them back to the network processing module.
For example, the hardware security co-processing module determines, according to the control logic in the module control table, that the currently received message needs to be encrypted; it then encrypts the current message according to the security processing protocol in the preconfigured secure session table (for example, the IPSEC protocol), and feeds the encrypted message and the message processing accompanying information back to the network processing module.
Step 140: the network processing module sends the security-processed message out through the network interface.
In this embodiment, after the network processing module receives the security-processed message and the message processing accompanying information fed back by the hardware security co-processing module, it first determines from the message processing accompanying information whether the security processing of the message succeeded; if so, it sends the security-processed message out through the corresponding network interface.
In the technical solution of this embodiment of the present invention, when a secure session is established, the processor runs the software security protocol and control module to configure the hardware security co-processing module and the network processing module. After the secure session has been established, the network processing module sends the messages received from the network interface that need security processing to the hardware security co-processing module, the hardware security co-processing module performs security processing on them and feeds the security-processed messages back to the network processing module, and the network processing module sends them out through the network interface. This realizes a message security processing procedure in which the processor does not participate, so that the processing of security features is not limited by processor performance.
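A minimal Python model of steps 110 to 140, added here as an illustration and not taken from the patent: the processor fills the four tables once, after which each message is steered, processed and forwarded by table lookups alone. The per-source-port table keys, the HMAC-SHA256 tag that stands in for the security processing (the patent's own example is IPSEC encryption), the `ok` flag in the accompanying information, and dropping a message when processing fails are all assumptions of this sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class Message:
    src_port: int
    dst: str
    payload: bytes

@dataclass
class CoProcessor:
    """Model of the hardware security co-processing module."""
    module_control_table: dict = field(default_factory=dict)  # src_port -> processing type
    secure_session_table: dict = field(default_factory=dict)  # src_port -> session key
    stats: dict = field(default_factory=dict)                 # processing type -> message count

    def process(self, msg):
        """Step 130: return (message, accompanying info with a success flag)."""
        kind = self.module_control_table.get(msg.src_port)
        key = self.secure_session_table.get(msg.src_port)
        if kind != "authenticate" or key is None:
            return msg, {"ok": False}
        tag = hmac.new(key, msg.payload, hashlib.sha256).digest()
        self.stats[kind] = self.stats.get(kind, 0) + 1
        return Message(msg.src_port, msg.dst, msg.payload + tag), {"ok": True}

@dataclass
class NetworkProcessor:
    """Model of the network processing module."""
    coproc: CoProcessor
    drainage_table: set = field(default_factory=set)      # src ports to steer to the co-processor
    forwarding_table: dict = field(default_factory=dict)  # dst -> egress interface

    def handle(self, msg):
        """Steps 120 and 140: return (interface, message), or None if dropped."""
        if msg.src_port in self.drainage_table:
            msg, info = self.coproc.process(msg)
            if not info["ok"]:
                return None  # assumption: a failed message is never sent unprocessed
        iface = self.forwarding_table.get(msg.dst)
        return (iface, msg) if iface else None

def configure_session(npm, src_port, key, dst, iface):
    """Step 110: the processor fills all four tables; it is not called again per message."""
    npm.coproc.module_control_table[src_port] = "authenticate"
    npm.coproc.secure_session_table[src_port] = key
    npm.drainage_table.add(src_port)
    npm.forwarding_table[dst] = iface
```

A steering entry with no matching session entry is the case worth testing in such a design: in this model the message is dropped rather than forwarded without security processing.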
Note that the above is only a preferred embodiment of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described herein, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, it is not limited to the above embodiments; without departing from the inventive concept, it may also include other equivalent embodiments, and the scope of the invention is determined by the scope of the appended claims.

Claims (10)

1. A message security processing system, characterized by comprising: a processor, a hardware security co-processing module and a network processing module, wherein the processor integrates a software security protocol and control module;
The processor is configured to, when a secure session is established or a session state refresh is required, configure the hardware security co-processing module and the network processing module by running the software security protocol and control module;
The network processing module is connected to at least one network interface and is configured to, after configuration, send the messages received from the network interface to the hardware security co-processing module for security processing, and to send out through the network interface the messages fed back by the hardware security co-processing module after processing is complete;
The hardware security co-processing module is configured to, after configuration, perform security processing on the received messages sent by the network processing module and then feed them back to the network processing module.
2. The system according to claim 1, characterized in that the processor is connected to the hardware security co-processing module and to the network processing module through a control management bus; and the hardware security co-processing module and the network processing module are connected through a message processing bus.
3. The system according to claim 1, characterized in that the processor is specifically configured to:
When a secure session is established, by running the software security protocol and control module, configure the secure session table and the module control table contained in the hardware security co-processing module, and configure the switching forwarding table and the secure session drainage table contained in the network processing module.
4. The system according to claim 3, characterized in that the secure session table includes: a security processing protocol; the module control table includes: control logic for performing security processing on the received messages;
The switching forwarding table and the secure session drainage table include: identity identification information of the received messages.
5. The system according to claim 4, characterized in that the hardware security co-processing module is specifically configured to:
Determine, according to the control logic contained in the module control table, the security processing type corresponding to the received message;
Perform, according to the security processing protocol in the secure session table, the security processing corresponding to the security processing type on the received message, and send the security-processed message and the message processing accompanying information to the network processing module, wherein the message processing accompanying information includes identification information indicating whether the security processing succeeded.
6. The system according to claim 5, characterized in that the network processing module is specifically configured to:
Receive messages through the network interface;
Obtain, according to the identity identification information of received messages contained in the secure session drainage table, the messages that need security processing, and send them to the hardware security co-processing module;
Receive the security-processed message and the message processing accompanying information sent by the hardware security co-processing module;
When the message processing accompanying information indicates that message processing succeeded, send the security-processed message and the message processing accompanying information out through the network interface that matches the identity identification information of the message in the switching forwarding table.
7. The system according to claim 1, characterized in that the hardware security co-processing module is further configured to count the security processing operations and obtain statistical information on the security processing operations;
The processor is further configured to extract the statistical information on the security processing operations from the hardware security co-processing module, wherein the statistical information on the security processing operations includes the number of messages on which security processing operations were performed in the hardware security co-processing module and the types of security processing operations performed.
8. The system according to claim 7, characterized in that the system further comprises a memory, the memory being connected to the processor through the control management bus and being used to store the statistical information on the security processing operations that the processor extracts from the hardware security co-processing module.
9. The system according to claim 2, characterized in that the message processing bus connecting the hardware security co-processing module and the network processing module is a high-bandwidth Inline data bus.
10. A message security processing method, characterized by comprising:
When a secure session is established or a session state refresh is required, the processor runs the software security protocol and control module to configure the hardware security co-processing module and the network processing module;
The network processing module sends the messages received from the network interface that need security processing to the hardware security co-processing module;
The hardware security co-processing module performs security processing on the messages that need security processing, and feeds the security-processed messages back to the network processing module;
The network processing module sends the security-processed messages out through the network interface.
CN201910779833.5A 2019-08-22 2019-08-22 Message security processing system and method Active CN110460475B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910779833.5A CN110460475B (en) 2019-08-22 2019-08-22 Message security processing system and method

Publications (2)

Publication Number Publication Date
CN110460475A true CN110460475A (en) 2019-11-15
CN110460475B CN110460475B (en) 2022-04-05

Family

ID=68488563

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910779833.5A Active CN110460475B (en) 2019-08-22 2019-08-22 Message security processing system and method

Country Status (1)

Country Link
CN (1) CN110460475B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1567808A (en) * 2003-06-18 2005-01-19 联想(北京)有限公司 A network security appliance and realizing method thereof
CN101567848A (en) * 2009-06-01 2009-10-28 北京星网锐捷网络技术有限公司 Safety control method and exchanger
US20150347740A1 (en) * 2014-05-29 2015-12-03 Comcast Cable Communications, Llc Steganographic access controls

Also Published As

Publication number Publication date
CN110460475B (en) 2022-04-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Tang Feng

Inventor before: Tang Feng